The MN Department of Education Gets Hit by MOVEit Breach, Exposing Nearly 95K Students
Table of Contents
- By Steven
- Published: Jun 15, 2023
- Last Updated: Jun 16, 2023
The Minnesota Department of Education oversees public schools throughout the state and manages data for special programs for the students at these organizations. The organization works with thousands of schools throughout the state and manages some data from students at many of these locations. For those reasons, the MDE is a prime target for data thieves looking to exploit students and their parents, and that's exactly what just happened.
How Did the Attack Occur?
The Minnesota Department of Education was hit by the cyber attack exploiting the MOVEit file transfer service. This service was recently attacked by the C10p ransomware gang as one of the 100's of companies to suffer from the attack. The gang managed to infiltrate the file transfer service and take a substantial amount of information before the school district knew there was a threat. On May 31, 2023, Progress Software, the parent company of the MOVEit file service, issued a statement explaining the data breach and how it could be a threat to a large number of companies. The organization also released a security patch to help protect against this breach. It's a patch that companies must install themselves, which means that many organizations remained vulnerable to the breach long after it was detected and patched.
What Information Was Viewed or Stolen?
During the data breach that exposed information held by the Minnesota Department of Education, as many as 95,000 students had their data exposed. No financial information was released, but student home addresses, first and last names, birth dates, and the counties of residence for many students were exposed. While this data isn't too serious, it's still worrisome to think about all that information being exposed without the consent of all those students and their parents.
How Did The Minnesota Department of Education Admit to the Breach?
On June 9, 2023, the MDE put out a statement explaining the details of the data breach and what students and parents should do as a way to protect themselves. The government agency also sent out letters to many of the impacted students explaining the risks and what data was exposed to them. All this data makes it simple for Minnesota families to know when they're impacted by this data breach.
What Will Become of the Stolen Information?
It's unlikely the data taken from these students will be used to cause too much trouble. No Social Security numbers or financial account details are believed to be exposed by the breach. With that said, everyone involved should still be wary and monitor their credit, bank accounts, and any other financial institutions they are involved in, just in case.
What Should Affected Parties Do in the Aftermath of the Breach?
There is no immediate action required by the impacted parties, but students and adults should consider looking at their credit and being careful to avoid any phishing attacks via SMS or email. Don't give away personal information to anyone you don't know closely, and you should be okay.
